Trace-based cryptanalysis of cyclotomic $R_{q,0}\times R_q$-PLWE for the non-split case
Abstract
We describe a decisional attack against a version of the PLWE problem in which the samples are taken from a certain proper subring of large dimension of the cyclotomic ring $\mathbb{F}_q[x]/(\Phi_{p^k}(x))$ with $k>1$ in the case where $q\equiv 1\pmod{p}$ but $\Phi_{p^k}(x)$ is not totally split over $\mathbb{F}_q$. Our attack uses the fact that the roots of $\Phi_{p^k}(x)$ over suitable extensions of $\mathbb{F}_q$ have zero-trace and has overwhelming success probability as a function of the number of input samples. An implementation in Maple and some examples of our attack are also provided.
- Publication:
-
arXiv e-prints
- Pub Date:
- September 2022
- DOI:
- 10.48550/arXiv.2209.11962
- arXiv:
- arXiv:2209.11962
- Bibcode:
- 2022arXiv220911962B
- Keywords:
-
- Computer Science - Cryptography and Security;
- 94A60 (Primary);
- 68W20;
- 12-04 (Secondary)
- E-Print:
- 20 pages